[ https://issues.apache.org/jira/browse/VELOCITY-882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Kienenberger reopened VELOCITY-882: ---------------------------------------- Assignee: Mike Kienenberger It's a simple fix for branch 1.7.x so I'll go ahead and apply it. > Critical vulnerability in commons collection > -------------------------------------------- > > Key: VELOCITY-882 > URL: https://issues.apache.org/jira/browse/VELOCITY-882 > Project: Velocity > Issue Type: Bug > Reporter: Emile Fugulin > Assignee: Mike Kienenberger > Priority: Major > > Hi, > Snyk reported to us that velocity 1.7 contains a dependency to > commons-collection 3.2.1 which is vulnerable to arbitrary code execution. > https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078 > This should be fixed since many lib depends on this library... -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org